61e7290ce8
Co-authored-by: Cursor <cursoragent@cursor.com>
from functools import wraps
from flask import abort, flash, redirect, url_for
from flask_login import current_user
def admin_required(f):
    """Wrap a view so that only an authenticated administrator can run it.

    Anonymous visitors and signed-in non-admins are handled the same way:
    an error message is flashed and the browser is redirected to
    ``main.index``. The wrapped view is never called for them, and no
    401/403 status is produced by this decorator.

    NOTE(review): in Flask the route decorator has to be the outermost one,
    otherwise the unguarded function is what gets registered. Confirm the
    decorator order at every call site.
    """

    @wraps(f)
    def guarded(*args, **kwargs):
        # is_authenticated is tested first, so is_admin is only read on a
        # signed-in user object (the user model is not visible in this file).
        if current_user.is_authenticated and current_user.is_admin:
            return f(*args, **kwargs)

        # User-facing message, in Russian: "Access for administrators only".
        flash("Доступ только для администраторов", "error")
        return redirect(url_for("main.index"))

    return guarded
def can_manage_photo(photo):
    """Decide whether the current user may manage ``photo``.

    Anonymous users are refused, administrators are always allowed, and any
    other user is allowed only when ``photo.user_id`` equals their own id.

    This only answers the question; it enforces nothing. A caller that
    changes or deletes a photo has to act on the result itself.
    """
    user = current_user
    if not user.is_authenticated:
        return False
    # Admin status overrides ownership; otherwise fall back to the owner check.
    return True if user.is_admin else photo.user_id == user.id
def photo_owner_or_admin(photo):
    """Abort the request with HTTP 403 unless the current user may manage ``photo``.

    This is an enforcement helper, not a predicate. It returns ``None`` when
    access is allowed, so it must be called for its side effect and never
    tested in an ``if``. Anonymous users also get 403 here rather than a
    redirect to a login page.
    """
    if can_manage_photo(photo):
        return
    abort(403)